DefensePro User Guide
Security Configuration
150
Document ID: RDWR-DP-V0602_UG1201
Configuring Signature Protection Profiles
A Signature Protection profile contains one or more rules for the network segment you want to
protect. Each rule defines a query on the Signatures database. DefensePro activates protections
from the signature database that comply with the set of rules. The user-defined profile is updated
each time you download an updated Signatures database.
Each rule in the profile can include one or more entries from the various attribute types.
Rules define a query on the Signatures database based on the following logic:
•
Values from the same type are combined with logical OR.
•
Values from different types are combined with logical AND.
The rules are combined in the profile with a logical OR.
Note:
Rules in the profile are implicit. That is, when you define a value, all signatures that
match a specific selected attribute plus all the signatures that have no attribute at all.
This logic ensures that signatures that may be relevant to the protected network are
included—even if they are not associated explicitly (by SOC) with the application in the
network.
To configure Signature Protection profiles, IPS protection must be enabled and global DoS Shield
parameters must be configured. For more information, see
Configuring Global Signature Protection,
and
Configuring DoS Shield Protection, page 119
To configure Signature Protection profiles
1. In the Configuration perspective Network Protection tab navigation pane, select Signature
Protection > Profiles.
2. Do one of the following:
—
To add a profile, click the
(Add) button, and enter a profile name.
—
To edit a profile, double-click the entry in the table.
—
To display the list of signatures associated with the configured protections for the profile,
double-click the entry in the table; and then, click Show Matching Signatures.
Table 77: Implications of Policy Directions
Policy Direction Policy Action Packet
Direction
Signature Direction
Inbound
Outbound
Inbound or
Outbound
From To
One way
Ex to in
Inspect
Ignore
Inspect
In to ex
Ignore
Inspect
Ignore
From To
Two way
Ex to in
Inspect
Ignore
Inspect
In to ex
Ignore
Inspect
Inspect
Any to any
N/A
N/A
Ignore
Ignore
Inspect
Summary of Contents for DefensePro 6.02
Page 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Page 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Page 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Page 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Page 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Page 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Page 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Page 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...